# Overview

> Stytch's Password product allows you to offer a familiar authentication option to your end users, with built-in protection against common password pitfalls like credential stuffing attacks and insecure account deduplication.

<Warning>Before implementing Passwords, it's important to decide if you want to use Cross-Organization Passwords or Organization-scoped Passwords. Learn more in the [Cross-Organization Passwords page](/multi-tenant-auth/authentication/passwords/cross-org).</Warning>

## Default Password Policy

By default, Stytch uses [zxcvbn](https://github.com/dropbox/zxcvbn) for password strength assessment. zxcvbn is designed with modern password cracking techniques in mind: it rewards easy-to-type but difficult-to-crack passwords like `EntropyIsInformation` over annoying and ineffective LUDS (lower, upper, digit, symbol) requirements, which still allow users to set easily crackable passwords like `P@ssword123`. You can play around with zxcvbn [here](https://lowe.github.io/tryzxcvbn/).

Stytch integrates with [HaveIBeenPwned](https://haveibeenpwned.com/) to detect breached passwords, and by default verifies the user's password has not been breached on both initial password creation and on subsequent authentication. If HaveIBeenPwned indicates that a user's current password has been breached, Stytch will force the end user to reset their password in order to prevent a credential stuffing attack.

Stytch also lets you customize the password strength assessment and password breach detection policies to fit whatever makes the most sense for your application. You can read more about the full list of configurations in the [Strength Policies guide](/multi-tenant-auth/authentication/passwords/strength-policy).
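The two default checks described above can be contrasted on the page's own sample passwords. The following is an added example, not Stytch's code: it runs a LUDS rule next to a breach lookup in the style of the Pwned Passwords range query, where only the first five SHA-1 hex characters are sent and the suffix is compared locally. The page does not say how Stytch performs its lookup, so the range-query flow, the minimum length of 8, the function names, and the in-memory corpus with its counts are all assumptions constructed for illustration.

```javascript
const { createHash } = require("crypto");

// LUDS rule from the text: lower, upper, digit, symbol (minimum length 8 is assumed).
function passesLuds(pw) {
  const classes = [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/];
  return pw.length >= 8 && classes.every((re) => re.test(pw));
}

// Uppercase SHA-1 hex split into the 5-character prefix that is sent to the
// range lookup and the 35-character suffix that is only compared locally.
function hashParts(pw) {
  const hex = createHash("sha1").update(pw, "utf8").digest("hex").toUpperCase();
  return { prefix: hex.slice(0, 5), suffix: hex.slice(5) };
}

// Constructed stand-in for the remote range lookup: a two-entry "breach
// corpus" with made-up counts, answering in the SUFFIX:COUNT line format.
const CONSTRUCTED_CORPUS = { "P@ssword123": 4200, "password": 9000 };
function constructedRangeLookup(prefix) {
  const lines = ["0".repeat(35) + ":1"]; // filler entry that matches nothing
  for (const [pw, count] of Object.entries(CONSTRUCTED_CORPUS)) {
    const parts = hashParts(pw);
    if (parts.prefix === prefix) lines.push(`${parts.suffix}:${count}`);
  }
  return lines.join("\r\n");
}

// Number of times the password appears in the returned range, 0 if absent.
function breachCount(pw, lookup = constructedRangeLookup) {
  const { prefix, suffix } = hashParts(pw);
  for (const line of lookup(prefix).split(/\r?\n/)) {
    const [candidate, count] = line.trim().split(":");
    if (candidate && candidate.toUpperCase() === suffix) return parseInt(count, 10);
  }
  return 0;
}

// Policy decision for one password: LUDS verdict next to the breach verdict.
function evaluate(pw) {
  const count = breachCount(pw);
  return { luds: passesLuds(pw), breached: count > 0, count };
}

for (const pw of ["P@ssword123", "EntropyIsInformation"]) {
  console.log(pw, evaluate(pw));
}
```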
